Kamil Mrzygłód's personal blog

Hey folks, this will be a really quick post. I've struggling with deploying my ASP.NET Core app via ARM template due to some unexpected problems. Since there's no magic "Enable .NET Core" button in Azure Portal or other App Service property, there's one thing you have to do to make yourself happy. Or maybe two. None is straightforward or intuitive.

Extension

Magically the only thing you need to run ASP.NET Core app in Azure is to install an extension:

Once you have it, your application will run without hesitation. But how to enable it via ARM template?

Use internet

To be honest I got literally no idea how to install an extension with my template. After quick search using Google I found this article. It shows a nice and quick way to deploy an application:

I'm not sure whether you have to pass a very specific version as a value or maybe this parameter is not supported currently - all in all I was a bit dissapointed, that an article 3 months old seemed to be either outdated or incomplete. This is not how you help your community.

Recently I've made my very first real project using ASP.NET Core and I must say it looks fabulous! Since I was working on a common API, I decided(as always) to introduce an interface via Swagger. There was an additional feature - I had to use Azure B2C as my authentication service. It was more or less painful, yet after all my struggles the whole integration is brilliant. Here is a short receipt to do it on your own(there're different examples, but I find most of them lacking some small details, which make the whole picture).

ASP.NET project

This part is simple - create a basic ASP.NET Core project using an API template:

Once we have a project created, one more thing is needed - a package, which will generate a Swagger definition. I decided to try out Swashbuckle.AspNetCore:

Now we have to configure it.

Swagger configuration

To configure Swagger, you have to do 2 things:

add a Swagger service

tell the application to use it

To add(and configure) a Swagger service go to Startup.cs file and find ConfigureServices method. For the basic functionality it should look like this:

As you can see, we've added security definition for OAuth2 in Swagger definition. We defined the type as oauth2 and flow as implicit(as suited for our scenario). AuthorizationUrl is the URL of our B2C endpoint, which defines which policy we'd like to use and what kind of response we expect. The most important thing are the Scopes, which tell us what we can access. When you run your application, you'll see that integration is enabled:

The last thing we need to do is to configure our application in Azure B2C.

Configuring Azure B2C

Once you create an Azure B2C tenant, you have to register an application and define how one can access it. Go to your tenant and create a new application:

Note that port has to match port under which your application runs locally. Now with an application created in Azure B2C we can obtain ObjectId(here called ApplicationId)and test our integration:

Now when I click Authorize, after providing my user and password,I'll get following error:

We have to grant our application missing permissions. But how can we achieve this?

Missing permission

As you can see in our code, we defined two scopes: openid and read.access. Normally we'd like to use openid, but Azure B2C requires providing both openid and other scope. For now we're missing read.access scope in our application. Let's add it. In Azure Portal go to Published scopes:

Now add a new scope read.access:

To finish it go one section up to API access and add new value:

Let's test our integration now:

However when trying to execute a method in our API, we're still getting HTTP 401. Something's missing. It turns out, that we're missing a security requirement setting, which handles injecting a token into header. Consider following ConfigureServices method:

Summary

Integrating Swagger with Azure B2C looks like a nice idea to avoid passing a bearer token manually. What is more you can incorporate your authentication process into testing, so you now that e.g. assigned scopes allow or block access in the right way. I strongly encourage you to play this feature a little bit so you how powerful tool it is.